Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-15897

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified...

4.3CVSS6.7AI score0.02303EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.19 views

RHEL 8 : nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs: Unitialized buffer due to incorrect encoding CVE-2017-15897 Note that Nessus has not tested for this issue...

3.1CVSS6.2AI score0.02303EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/12/15 12:0 a.m.59 views

FreeBSD : node.js -- Data Confidentiality/Integrity Vulnerability, December 2017 (bea84a7a-e0c9-11e7-b4f3-11baa0c2df21)

"Node.js reports : Data Confidentiality/Integrity Vulnerability - CVE-2017-15896 Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using t...

9.1CVSS6.2AI score0.78675EPSS
Exploits1References5
Cvelist
Cvelist
added 2017/12/11 9:0 p.m.33 views

CVE-2017-15897

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...

6.4AI score0.02303EPSS
Exploits0References1
CVE
CVE
added 2017/12/11 9:0 p.m.93 views

CVE-2017-15897

CVE-2017-15897 affects Node.js versions 8.x and 9.x. The root cause is a buffer initialization bug where buffers were not initialized when the encoding for the fill value did not match the encoding specified, potentially allowing information disclosure. Public descriptions in connected docs corro...

4.3CVSS4.1AI score0.02303EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2017/12/08 12:0 a.m.59 views

node.js -- Data Confidentiality/Integrity Vulnerability, December 2017

Node.js reports: Data Confidentiality/Integrity Vulnerability - CVE-2017-15896 Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the...

9.1CVSS6.7AI score0.02385EPSS
Exploits0References1
Rows per page
Query Builder